Central piece of network equipment

ABSTRACT

A central network device having at least one DC supply and an Ethernet connector. The Ethernet connector includes first and second pairs of contacts to carry BaseT Ethernet communication signals. The central network device is configured to employ the at least one DC supply to interrogate predetermined impedance within at least one path coupled between at least one of the contacts of the first pair of contacts and at least one of the contacts of the second pair of contacts of the Ethernet connector.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation application of U.S. patentapplication Ser. No. 13/615,734 filed Sep. 14, 2012, now U.S. Pat. No.9,019,838 issued Apr. 28, 2015, which is a continuation application ofU.S. patent application Ser. No. 13/370,918, filed Feb. 10, 2012, nowU.S. Pat. No. 8,942,107 issued Jan. 27, 2015, which is a continuationapplication of U.S. patent application Ser. No. 12/239,001 filed Sep.26, 2008, now U.S. Pat. No. 8,155,012 issued Apr. 10, 2012, which is acontinuation application of U.S. patent application Ser. No. 10/668,708filed Sep. 23, 2003, now U.S. Pat. No. 7,457,250 issued Nov. 25, 2008,which is a continuation of U.S. patent application Ser. No. 09/370,430filed Aug. 9, 1999, now U.S. Pat. No. 6,650,622 issued Nov. 18, 2003,which is a continuation-in-part under 35 U.S.C. §111 and §120 ofInternational Application PCT/US99/07846, filed Apr. 8, 1999,designating, inter alia, the United States, and which claims the benefitof U.S. Provisional Patent Application No. 60/081,279 filed Apr. 10,1998. The entire content of each of the above mentioned applications andpatents are incorporated herein by reference.

BACKGROUND OF THE INVENTION

1. Technical Field

This invention relates generally to computer networks and, moreparticularly, to a network management and security system for managing,tracking, and identifying remotely located electronic equipment on anetwork.

2. Discussion

Over the last several years, one of the largest problems in managing thecomputerized office environment has been identified as controlling theTotal Cost of Ownership, or TCO, of the office computer. Controlling TCOincludes not only the cost of the asset but also all costs associatedwith that asset, such as support costs, software costs, and costs due toloss or theft, including hardware, software, and most importantly,information.

An aspect of the support costs of TCO is asset movement. Today, manyemployees have more than one computer. When that employee is moved toanother location, the assets must be moved as well. A typicalorganization can have as much as 40% of its employees move from onelocation to another over the course of a year. When these movementsoccur daily, tracking each asset over time is nearly impossible. Thereis also the unauthorized movement of assets, such as moving an assetfrom an employee's office to his or her associated lab area. In additionto these physical movements, the asset may also be changed over timethrough hardware and software modifications. Even if an asset issuccessfully tracked over a period of time, the asset may not be thesame at the end of the period. Due to this constant asset relocation andreorganization, an organization may not always know where all of itsassets are located. In fact, it is very likely that a company may noteven know how many assets they own or if those assets are still in theirpossession. Additionally, an organization that desires to send a messageto all of the assets within a particular physical area is limited torelying on databases that correlate the network identification of anasset to where that asset should be located, not where the assetactually is located. Previous attempts to provide asset tracking andmanagement have relied on software solutions that have proven to befundamentally flawed. Asset tracking and management software is limitedin a number of important areas. It is generally incapable of detectingthe electrical connection status of equipment, it cannot detect thephysical location of equipment, the identifying name of equipment is notpermanent, and the monitored assets must be powered-up.

Therefore, a method for permanently identifying an asset by attaching anexternal or internal device to the asset and communicating with thatdevice using existing network wiring or cabling is desirable. Also, itis desirable to communicate with an asset based upon the physicallocation of the asset. Additionally, a method of determining when anasset is being removed or added to the network is desirable. It wouldalso be desirable to communicate with the device without requiring thedevice or the asset to be connected to alternating current (AC) power.Such a device would allow a company to track its assets, locate anygiven asset, and count the total number of identified assets at anygiven time, thus significantly reducing its TCO of identified assets.

One method that attempted to control the hardware theft aspect of TCO isdisclosed in U.S. Pat. No. 5,406,260 issued to Cummings et. al, (herebyincorporated by reference) which discusses a means of detecting theunauthorized removal of a networked device by injecting a low currentpower signal into each existing communications link. A sensor monitorsthe returning current flow and can thereby detect a removal of theequipment. This method provides a means to monitor the connection statusof any networked electronic device thus providing an effective theftdetection/deterrent system.

It would, however, be desirable to provide a further means in which anetworked device may also be identified by a unique identificationnumber using the existing network wiring or cabling as a means ofcommunicating this information back to a central location. Moreparticularly, it is desirable to provide a means for identification thatfeasibly employs the same cable (and, if desired, the same wires in thecable) that normally carries high frequency data communications in anexisting network. In addition, it is desirable to provide anidentification system that is easily and inexpensively implemented in anexisting network system.

The theft of information is a further aspect of TCO. Today, the mostimportant resources a company has are its employees and the informationthat they create and accumulate. Information that is available on acompany's internal network can range from personnel files and corporatebusiness plans to research and development efforts related to newproducts. Restricting access to sensitive or confidential informationsuch as personnel files is a high priority for all companies. The use ofpasswords and limiting access to certain types of information toparticular computer stations are typical methods that companies employto protect information. These passive methods of protecting companyinformation are sufficient to prevent technically unknowledgeable peoplefrom gaining access to protected information. However, these methods areusually unable to protect information from a technically knowledgeableperson with specialized electronic equipment. The existence of anunauthorized device connected to the company network may indicate thepresence of someone with electronic equipment that has the capability todefeat a company's internal security measures. A method of blockingcommunications with such a device connected to a network is desirable.Further, automatically blocking communications with an unauthorizeddevice is desirable. An active system that interrogates the devicesconnected to a network and blocks communications with unauthorizeddevices would provide enhanced security for sensitive information.

A further aspect of support costs is the cost associated withutilization of network bandwidth. Today, the bandwidth of most networksis being constantly increased to meet the increasing need to transmitlarge quantities of data. In order to provide the required bandwidthcostly hardware upgrades must be purchased resulting in an increase inthe TCO. To reduce the need for hardware upgrades the use of availablenetwork bandwidth is dedicated to data that is required for theoperation of application programs. Using valuable network bandwidth toprovide a means of identifying assets would either limit theavailability of bandwidth for application programs or require thepurchase of new hardware. Additionally, using network bandwidth forasset identification would limit the identification system to operatingonly when the asset has AC power applied. Assemblies within the assetwould have to be operational in order to transmit data over the network.Requiring power to be applied to every monitored asset would limit thecapability to identify all the assets connected to a network at anyparticular time. Therefore, it is desirable to provide a means for assetidentification that does not use existing network bandwidth. Such adevice would more fully utilize existing network resources withoutincreasing the TCO associated with network bandwidth.

SUMMARY OF THE INVENTION

In accordance with the teachings of the present invention, a centralnetwork device is provided having at least one DC supply and an Ethernetconnector. The Ethernet connector includes first and second pairs ofcontacts to carry BaseT Ethernet communication signals. The centralnetwork device is configured to employ the at least one DC supply tointerrogate predetermined impedance within at least one path coupledbetween at least one of the contacts of the first pair of contacts andat least one of the contacts of the second pair of contacts of theEthernet connector.

BRIEF DESCRIPTION OF THE DRAWINGS

Other objects and advantages of the present invention will becomeapparent to those skilled in the art upon reading the following detaileddescription and upon reference to the drawings in which:

FIG. 1 is a general block diagram that illustrates a network thatincludes a communication system in accordance with a first embodiment ofthe present invention;

FIG. 2 is an exploded perspective view that illustrates installation ofthe central module into an existing computer network in accordance withthe first embodiment of the present invention;

FIG. 3 is a block diagram that illustrates the first embodiment of thepresent invention;

FIG. 4 is an interconnection diagram that illustrates a secondembodiment of the present invention;

FIG. 5 is a block diagram that illustrates a central module made inaccordance with the teachings of the present invention;

FIG. 6 is a detailed schematic diagram of the central module inaccordance with the second embodiment of the present invention;

FIG. 7 is a block diagram that illustrates a remote module made inaccordance with the teachings of the present invention;

FIG. 8 is a detailed schematic diagram that illustrates a central modulein accordance with the second embodiment of the present invention;

FIG. 9 is a diagram that illustrates alternate circuits for blockingcommunications in accordance with an embodiment of the presentinvention;

FIG. 10 is a detailed schematic diagram which illustrates a remotemodule and a central receiver module coupled to a network in accordancewith the third embodiment of the present invention;

FIG. 11 is a perspective view of one embodiment of the hardware for theremote module;

FIG. 12 is an exploded perspective view of the hardware of FIG. 11;

FIG. 13 is a cross-sectional view of the hardware shown mounted to acomputer;

FIG. 14 is a perspective view of an alternative embodiment of thehardware for the remote module;

FIG. 15 illustrates the installation of the hardware of FIG. 14 into acomputer;

FIG. 16 is a schematic representation of an electronic tether inaccordance with the fourth embodiment;

FIG. 17 is a cross-sectional view of an electronic tether used inconnection with the fourth embodiment;

FIG. 18 is a schematic representation of circuitry for the fourthembodiment;

FIG. 19 a is a block diagram that illustrates a system forelectronically identifying an object made in accordance with theteachings of the present invention;

FIG. 19 b is a cross-sectional view of an ID sender tag used inconnection with the system for electronically identifying an object;

FIG. 20 is a schematic representation of circuitry used in a system forelectronically identifying an object;

FIG. 21 is a perspective view that illustrates installation of an IDsender tag and decoder plug; and

FIG. 22 is a perspective view that illustrates an ID sender tag anddecoder plug interconnected by a serial bus.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

Four embodiments of the invention are illustrated within thisspecification. The first embodiment illustrates the general teachings ofthe invention, whereas the second, third, and fourth embodiments depictspecific implementations of the teachings. Turning now to FIGS. 1, 2 and3, a first embodiment of a central module 15 and remote module 16 systemis provided therein for achieving identification of electronic computerequipment associated with a computer network 17. Although, the firstembodiment depicts merely communicating equipment identificationinformation, the principles of the invention may be readily extended toinclude the communication of more general information such asidentification of the equipment processor type and the equipmentharddrive capacity. In general, the central module 15 monitors remotemodule circuitry 16 that may be permanently attached to remotely locatedelectronic workstations such as personal computers 3A through 3D overthe computer network 17. The communication system 15 and 16 describedherein is particularly adapted to be easily implemented in conjunctionwith an existing computer network 17 while realizing minimalinterference to the computer network. In addition to being implementedfrom the hub of a network to remotely located PCs, the invention can beapplied to other elements of an office environment such as telephones,fax machines, robots, and printers. The invention is particularlysuitable for being incorporated into a patchpanel. The asset awarepatchpanel would then be capable of identifying the existence andlocation of network assets without power being applied to the assets.

Remotely located personal computers 3A through 3D are each connected tothe computer network 17 so as to provide widespread remote user accessto the computer network 17. The remotely located personal computers 3Athrough 3D are shown connected to hub 1 via data communication links 2Athrough 2D. Data communication links 2A through 2D are, for example,conventional multi-wire cables that include a plurality of transmit andreceive data communication links (sometimes referred to herein as wiresor lines) for communicating information between each of remotely locatedcomputers 3A through 3D and other communication devices on the networksuch as other computers and file servers (not shown).

The invention described herein is particularly suited to be implementedin conjunction with a computer network 17 which preferably employs aconventional wiring approach of the type which may include twisted pairwiring such as Ethernet, Token Ring, or ATM. Wiring schemes similar toEthernet are commonly employed to provide data communication links forelectronic computer equipment. In accordance with conventional wiring orcabling approaches, data communication links 2A-2D generally include apair of transmit wires (not shown) as well as a pair of receive wires(not shown) connected to each of personal computers 3A through 3D. Thecable may include other wires, as well. Each pair of transmit andreceive wires are internally coupled to an associated personal computervia two windings of an internally located isolation transformer (notshown). Each pair of transmit wires and each pair of receive wiresthereby form a current loop through one of the personal computers 3Athrough 3D which is advantageously employed in accordance with theapproach described herein.

The central module 15 includes an isolation power supply 8 (see FIG. 3)which supplies a continuous direct current (DC) power supply to each ofcurrent loops 2A through 2D. The DC power supply has a low currentpreferably on the order of magnitude of about 1 mA. The isolation powersupply 8 includes an input terminal for receiving a low voltage signalV_(LV) which has a magnitude of approximately fifteen (15) volts. Thepresent embodiment of the invention sources DC current from the 15 voltsource to the remote modules 16. However, it is within the scope of theinvention to provide other voltage levels such as 3V dc, and 20V dc.Although the present embodiment sources current for the immediate powerneeds of the remote module, it is also within the scope of the inventionto supply current to charge a battery, capacitor bank, or other energystorage device that powers the remote module. Additionally, powering theremote module from some other source such as a primary battery,rechargeable battery or capacitor bank that receives energy from asource other than the central module is within the scope of theinvention.

The power generated by isolation power supply 8 is passed through signalmodulator 7 which can slightly alter the voltage supplied by isolationpower supply 8 based upon status data provided by the status dataencoder 9. Status data encoder 9 receives its status data from thefirmware kernel 4. Signal modulator 7 inserts this low power supplyacross the transmit and receive lines or into either the transmit linesor the receive lines in order to supply the remote module 16 with bothstatus information and power. The scope of the invention includestransmitting status information as a single bit or as a pulse train.Types of transmitted status information include whether the protectioncircuit is active, date, time, and port location. It is also within thescope of the invention to encode the status data using methods such assingle bit on/off, Manchester, 4B/5B, and Frequency Shift Keying (FSK).

Isolation power supply 13 draws power for the remote module 16 andprovides status information that was encoded into the power supplysignal by signal modulator 7 within the central module 15. This statusinformation is in turn passed over to the firmware kernel 10 of theremote module 16 by way of the status data reader 14.

Firmware kernel 10 provides a preprogrammed unique identification numberto Manchester encoder 11 in order to reliably traverse the datacommunication link or cable 2A. The Manchester encoder then passes thisencoded number to signal transmitter 12 which sends the encoded numberacross the data communication link 2A by altering the total current drawof the remote module 16. Although the present embodiment of theinvention uses Manchester encoding, the principles of the invention maybe readily extended to other encoding techniques such as Frequency ShiftKeying, 4B/5B, PAM5x5, 8B/6T, Polar NRZ, and Bipolar. Additionally,waveshaping the encoded signal with techniques such as MLT-3 is withinthe scope of the invention. In addition to transmitting anidentification number the firmware kernel 10 may also elect to sendadditional information such as confirmation of the status information oradditional data provided by an external device 18, such as the computer3A to which the remote module 16 is attached.

The information sent from the remote module 16 is received by the signalreceiver 6 within the central module 15, decoded by Manchester decoder5, and passed on to the firmware kernel 4. The firmware kernel may nowpass this received information on to an external device 19, such as acomputer responsible for asset tracking.

Kernel 4 may optionally provide a blocking signal to blocking circuit 20to deny, to an unauthorized computer, access to the network informationvia hub 1. For example, if someone uses a laptop to attempt to plug intothe network, the central module 15 detects the absence of the properidentification code from the laptop and, as noted before, kernel 4 wouldissue a suitable signal to blocking circuit 20 to prevent access to thenetwork information and also generate an alarm. Furthermore, if thepotential thief later disconnects protected equipment from the network,this action is also detected and an alarm can be generated. Although thepresent embodiment illustrates the blocking function as shorting thedata lines together 131 (see FIG. 9), it is within the scope of theinvention to implement blocking by other means, such as opening bothlines of the transmit or receive data lines 130, opening one of the datalines 132, and transmitting noise onto the data lines 134.

FIGS. 4-8 illustrate a second embodiment of the invention whichgenerally differs from the first embodiment by having circuitry thattransmits a modulated signal directly to central module 15 a from remotemodule 16 a. In the first embodiment current sourced from central module15 to remote module 16 is modulated within remote module 16 and thenreturned to central module 15. In addition, the second embodiment doesnot have a status data reader 14 in remote module 16 a, but doesadditionally include test voltage source 64 and test voltage monitor 66and 84 pairs in the central module 15 a. Referring to FIG. 4 a network17 a that includes the communication system is shown. Hub 1 connects tocentral module 15 a, which connects to remote module 16 a, whichconnects to PC 3A. Also connected to central module 15 a and remotemodule 16 are external devices 19 and 18. Although the central module 15a and remote module 16 a are each shown connected to a single externaldevice it is within the scope of the invention to connect multipleexternal devices to the modules 15 a and 16 a. Some of the externaldevices that are envisioned include motion detectors and glass breakagedetectors.

Referring to FIGS. 5 and 6, the central module 15 a is depicted. Areceive pair of conductors from the hub 1 pass through connector 67(FIG. 6) and connect to blocking circuit 20, test voltage source 64, andtest voltage monitor 66. A +15 volt source with series resistor 65comprises test voltage source 64. A comparator 68 with a resistordivider circuit comprises the test voltage monitor 66. Diode 70 connectsfrom the divider circuit to the power input of comparator 68 to suppressvoltage transients at the input to comparator 68. A low power TLC2274ACDis employed for comparator 68 of the present embodiment. The testvoltage source 64 and test voltage monitor 66 pair monitor the receiveconductors to ensure the hub 1 is connected to central module 15.Blocking circuit 20 includes high pass filter 60, relay 61, and highpass filter 62 which connects to a receive pair of conductors from theremote module 16. High pass filter 62 also connects internally to signalreceiver 6. High pass filters 60 and 62 block DC current flow andisolate the relay 61 from driver circuits of hub 1 and PC 3A to enablethe central module 15 a to continue to monitor the conductors from theremote module 16 a. Signal receiver 6 comprises an isolation transformer72, low pass active filter 74, and comparator 76. The output ofcomparator 76 is decoded by Manchester decoder 5 and then sent tofirmware kernel 4. A processor 77 is employed to implement the kernel 4and status data encoder 9 functions. The processor 77 in the illustratedembodiment is a Microchip PIC16C62. Internal to the processor 77 datareceived from internal and external signals is encoded and thenoutputted to signal modulator 7 which comprises NPN transistor 78 andPNP transistor 80 arranged in a level shifter configuration. The outputof signal modulator 7 is diode OR'd with the output of isolation powersupply 8 and then connects to one of the transmit data lines thatconnect to remote module 16. The return path for current from PC 3A isthe pair of receive data lines. Test voltage monitor 84 operates in amanner similar to test voltage monitor 66 to ensure PC 3A is physicallyattached to the network 17. Firmware kernel 4 controls the operation ofblocking circuit 88 which is connected across the transmit data linesthat connect to hub 1. High pass filter 86 blocks DC current fromflowing to hub 1 from signal modulator 7 and additionally providesisolation between blocking circuit 88 and the drivers of PC 3A.Connector 90 provides the interface for signals from central module 15 ato the cable that interfaces with remote module 16 a.

Referring to FIGS. 7 and 8, the remote module 16 a of the secondembodiment is illustrated. The receive data lines from central module 15a pass through connector 101 (FIG. 8) and connect to high pass filter100 and signal transmitter 12. High pass filter 100 blocks the DCcurrent that flows from central module 15 a from flowing into the inputcircuit of PC 3A. Signal transmitter 12 a, which comprises resistors 104through 109 and bypass capacitor 110, impresses across the receive datalines a variable current source that is controlled by firmware kernel10. Connected to a transmit line is isolation power supply 13 whichreceives power from central module 15 a. The isolation power supply 13comprises resistor 112, filter capacitor 113, and zener diode 114. Theregulated voltage developed across zener diode 114 provides power forfirmware kernel 10 as well as a number of pull-up resistors. Although aMicrochip PIC12C508 processor is employed for firmware kernel 10 in theillustrated embodiment, there are numerous other devices frommanufacturers such as SGS Thompson and Burr-Brown that may be employed.The outputs from remote module 16 a pass through connector 116 whichconnects to PC 3A.

Referring to FIGS. 4 and 5, the operation of the second embodiment willbe described. The existence of a connection between hub 1 and centralmodule 15 a is monitored by test voltage source 64 and test voltagemonitor 66 through a pair of receive data lines. Current from testvoltage source 64 flows through a data line to an isolation transformerwithin hub 1. The current flows through the primary winding of theisolation transformer and returns on the other receive data line to thetest voltage monitor 66. An interruption in the flow of current isdetected by the test voltage monitor 66. A detailed description of theoperation of test voltage source 64 and test voltage monitor 66 isprovided in U.S. Pat. No. 5,406,206 which is hereby incorporated byreference. Similarly, current sourced onto a transmit line from signalmodulator 7 and isolation power supply 8 through remote module 16 a tothe isolation transformer of PC 3A which returns on the other transmitline is monitored by test voltage monitor 84 to verify that both remotemodule 16 a and PC 3A are connected to central module 15 a. Signalmodulator 7 additionally supplies power to remote module 16 a. A signalfrom firmware kernel 4 controls NPN transistor 78 which likewisecontrols level-shifting PNP transistor 80. When PNP transistor 80 is ON,20 volts is sourced onto the transmit line. When transistor 80 is OFF,15 volts is sourced onto the transmit line. Referring to FIG. 8, thesourced power from central module 15 a flows through resistor 112 andinto zener diode 114 and capacitor 113 which provide a regulated voltageto the circuit. In this embodiment the status data transmitted from thecentral module 15 a is not decoded. However, it is within the scope ofthe invention to receive the encoded data by monitoring various signals,such as the voltage amplitude of the data line relative to ground, thevoltage across resistor 112, and the current through resistor 112.

In response to external signals as well as internally programmedroutines, the firmware kernel 10 outputs a signal to Manchester encoder11. A processor 102 incorporates both the kernel 10 and Manchesterencoder 11 functions. In the illustrated embodiment a Motorola PIC12C508is employed as processor 102. The output of the processor 102 is aManchester encoded signal that drives the balanced resistor network thatcomprises signal transmitter 12 a. A capacitor 110 and resistors 106 and107 can be added to signal transmitter 12 a to provide increasedfiltering of high frequency components. However, the embodiment does notrequire their addition as firmware control and line capacitance providesufficient attenuation to prevent the encoded signal from interferingwith normal network communications. The encoded signal flows throughresistors 104 and 105 onto the receive data lines to central module 16.High pass filter 100 prevents the encoded signal from being conductedthrough the receive data lines to PC 3A. Although the encoded signal inthe present embodiment transmits the encoded signal from the remotemodule 16 a, it is within the scope of the invention to source currentfrom the central module and alter the flow of current from within theremote module 16 a by changing the impedance of a circuit connectedacross the data communication link 2A. Examples of such circuits includean RC network connected directly to the data link 2A and reflecting animpedance change across an isolation transformer.

Referring again to FIG. 6, the encoded signal is received in the centralmodule 15 a by signal receiver 6. Within central module 15 a, high passfilter 62 prevents the encoded signal from being conducted through thedata lines to hub 1. The signal couples through transformer 72 to lowpass active filter 74 which filters out normal network communicationssignals. The filtered signal is squared-up by comparator 76 andoutputted to Manchester decoder 5. The decoded signal is inputted tofirmware kernel 4 which evaluates the information. If the signalrepresents the port ID or wall jack location, the kernel 4 outputs asignal to external device 19. If the signal provides identification ofremote module 16, the kernel 4 compares the received identification withthe expected identification. If an invalid identification is received,the firmware kernel 4 sends signals to blocking circuits 20 and 88commanding them to short the receive data lines together and thetransmit data lines together. The kernel 4 additionally sends an alarmnotifying external device 19 that an invalid identification has beenreceived. Although the embodiment passes a single signal through thedecoder circuit, it is within the scope of the invention to feed encodedsignals from multiple sources through a multiplexer into a singledecoder circuit, or to implement the decode function in firmware orsoftware, or to multiplex the outputs of multiple decoder circuits. Itis also within the scope of the invention to couple the signal from thereceiver data lines through an isolating device into a microprocessorwherein the low pass filtering and decoding functions are implemented.Envisioned isolating devices include devices such as transformers,opto-isolators, and balanced operational amplifier circuits.Additionally, it is within the scope of the invention to integrate allthe functions of the remote module into a processor that interfaceseither directly to the data lines or through an isolating device.

A third embodiment of the invention is illustrated in FIG. 10 whichgenerally differs from the earlier described embodiments by illustratingin detail a circuit as described in the first embodiment wherein currentthat is sourced through a current loop extending from central module 15b to remote module 16 b is modulated in remote module 16 b and thendecoded in central module 15 b. The embodiment comprises a centralmodule 15 b and remote module 16 b that are connected within an existingnetwork 17 b. The central module 15 b comprises a test voltage source117 and a receiver circuit 119. The test voltage source 117 includes a+15 volt source with series resistor 118 for sourcing current onto atransmit data line. The receiver circuit 119 comprises a signal receiver6, a Manchester decoder 5, and firmware kernel 4 b, for receiving anddecoding the return current from the receive data lines.

Remote module 16 b includes an isolation power supply 13 that regulatesand filters power that is received from central module 15 b over apre-existing cable. The isolation power supply 13 supplies regulatedpower to a processor 122 and circuitry that comprises the signaltransmitter 12 b. The processor 122 employed in the illustratedembodiment is a Microchip PIC12C508. The processor 122 and exclusive ORgates 120 and 121 implement both the firmware kernel 10 and Manchesterdecoder 11 functions. An isolation transformer 124, bypass capacitor110, and resistors 126-129 comprise the signal transmitter 12 b whichmodulates the current from isolation power supply 13 that returns tocentral module 15 b. Capacitors 130 and 132 comprise a high pass filterthat blocks the transmitted signal from interfering with normal networkcommunications.

Continuing to refer to FIG. 10, the operation of the third embodimentwill be described. Within central module 15 b, power flows from the +15volt source through series resistor 118 and a transmit data line, to theisolation power supply 13 in remote module 16 b. Within remote module 16b, power from the transmit data line is regulated by zener diode 114 andfilter capacitor 113. The current which flows through resistor 112splits, with a portion flowing through processor 122 and the exclusiveOR gates, and the remainder flowing through zener diode 114. The returncurrent flowing out of zener diode 114 and the circuit ICs, flows intothe secondary winding center-tap of isolation transformer 124. Thecurrent splits between the windings with the reflected primary impedancecontrolling the magnitude of the current that flows in each winding. Theprimary impedance is controlled by processor 122, the exclusive OR gates120 and 121, and the two 10 k resistors 126 and 127. A high logic leveloutput from exclusive OR 120 results in current flowing through resistor126, the primary of isolation transformer 124, resistor 127, and intoexclusive OR 121. The current flowing through the transformer primary isreflected to the secondary where it adds with current flowing throughone winding and subtracts from current flowing through the otherwinding. The direction of the current flowing through the primarychanges as the output of exclusive OR 120 alternates between a logiclevel high and low in response to the Manchester encoded stream fromprocessor 122. The variation in primary current flow direction added tothe secondary current flowing into the center-tap results in a modulatedcurrent signal. The high frequency components of the resulting secondarywinding current flow through bypass capacitor 110. The low frequencycomponents flow through resistors 128 and 129, onto the receive datalines, to the central module 15 b, and through isolation transformer 72to signal ground. Resistors 128 and 129 provide a buffer to prevent thebypass capacitor 110 from loading down the data lines.

Within central module 15 b, the modulated current is reflected from theprimary to the secondary of isolation transformer 72. Low pass activefilter 74 filters out high frequency network communication componentsand passes a squared-up output to the Manchester decoder 5. The decodeddata stream is inputted to the firmware kernel 4 which evaluates thedata stream to ensure a valid identification number was transmitted.

Referring to FIG. 18, a presently preferred embodiment, the fourthembodiment, of the invention is illustrated. The fourth embodimentdiffers from the earlier described embodiments by employing an interfaceamplifier for the signal receiver 6 c in place of an isolationtransformer, adding a third source voltage to central module 15 c,adding a NIC Stick 170, reconfiguring the signal transmitter of theremote module 16 c, and adding an electronic tether 150. The signalreceiver interface amplifier is configured as a bandpass filter usingdesign techniques that are well known in the art. The output of theinterface amplifier is connected to the processor 77 wherein the signalis decoded. The NIC Stick 170 provides an improved method ofinterconnecting the signals that flow between the various modules of thepreferred embodiment. The NIC Stick 170 and remote module 16 c areintegrated into a connector assembly for interconnect to a PC. Thepurpose and function of the tether 150 is provided in a subsequentsection of this specification.

Turning now to FIGS. 11-13 the remote module 16 is illustrated as beingcontained in a special box-like housing 23. The electronics are mountedon a suitable card 22 within the confines of a container 24. Thecontainer 24 is mounted to the computer 3A using the existing fastenersnormally found on the back of the computer. Such a fastener isillustrated at 26. The fastener 26 is chosen to be one that is requiredto be removed in order to gain access to the hardware inside thecomputer. Therefore, the potential thief must remove fastener 26 tosteal the mother board, network identification card (NIC), etc. Lid 32likewise contains opening 34. When the lid is closed as shown in FIG.13, the opening 28 is aligned with opening 34. These openings allow thenormal network wire connector 38 to pass through the openings in housing23 and engage the electronics card 22. Housing 23 includes an outputcord 40 with a connector 42 which engages the standard network interfacecard (NIC) found in the computer. This construction is designed torequire the potential thief to disconnect connector 38 from housing 23in order to gain access to the fastener 26 which must be unscrewed inorder to remove the internal computer parts. When the connector 38 isremoved, the computer 3A becomes, likewise, disconnected from thenetwork. This causes the current in loop 2A to drop below a thresholdlevel which causes the system 15 to cause a system alarm or the like tobe activated. Thus this housing configuration deters theft of theinternal parts of the computer since fastener 26 must be removed to gainaccess to them, as well as deterring removal of the entire computerterminal.

FIGS. 14-15 show an alternative embodiment in which the electronics fornetwork identification circuitry 16 are instead placed upon a card 44which can be inserted into an adjacent slot in the computer next to thestandard NIC card 46. The network wire connector 38 is connected to theinput of card 44 and the output of identification card 44 is thenconnected to the normal input receptacle 48 of NIC card 46. It is alsoenvisioned that the electronics of the network identification circuitrycan be placed on a motherboard within the computer or as part of thecircuitry on the NIC card.

FIG. 16 shows a schematic of another implementation in which theelectronic tether 150 extending from the remote module 16 is attached toequipment to be protected. The remote module 16 monitors the status ofthe tether 150 and notifies the central module 15 if the tether 150 isremoved or the electrical connection interrupted. The central modulethen sets a system alarm either centrally or locally. The tether 150includes two conductive lines 152 and 154 coupled between a pair ofconnectors 156 and 158. An attachment status signal is conducted throughthe conductive lines 152 and 154 for indicating whether the tether 150remains attached to the protected equipment. The first conductive line152 includes pads P1 and P2 inline to provide a means of shorting abreak in the line. The second conductive line 154 is coupled directlybetween the connectors. An external jumper 160 is connected to theoutput connector 158 of the tether 150 to complete the electricalconnection.

FIG. 17 illustrates the electronic tether 150 mounted to the surface ofequipment to be protected. A conductive pad 162 having conductiveadhesive on both sides is bonded to the equipment surface. The adhesiveon the side facing the equipment has greater strength than the adhesiveon the side facing the tether. The relative strength of the adhesive oneither side of the conductive pad 162 is chosen to ensure that if thetether 150 is removed the conductive pad 162 will remain bonded to theequipment, not to the tether. The tether 150 is bonded to the conductivepad 162 so that the pads, P1 and P2, make electrical contact with theconductive pad 162.

In operation, the tether 150 is bonded to a piece of equipment to beprotected such as monitors, printers, fax machines, and chairs. Multipletethers can be connected in series to provide protection for more thanone piece of equipment. The remote module 16 monitors the status of theattachment status signal from the tether 150 to determine that anelectrical short is maintained. An interrupted attachment status signalindicates that either a tether 150 is no longer connected to itsassociated piece of equipment or the electrical connection to the tether150 has been interrupted. Upon detecting an interrupted attachmentstatus signal, the remote module 16 sets a bit of the identificationnumber that is transmitted to the central module 15. The central module15 then sets an alarm either locally or centrally.

From the foregoing it will be understood that the invention provides asystem for communicating with electronic equipment on a network. Thesystem transmits a signal over pre-existing network wiring or cableswithout disturbing network communications by coupling a signal that doesnot have substantial frequency components within the frequency band ofnetwork communications. The system is particularly suitable forhigh-frequency networks such as Ethernet operating at speeds of 10megabits per second (Mb/s) and higher. For purposes of this inventionthe term “high frequency information” means the band of frequenciesneeded to carry data at 10 Mb/s or more. Coupling a lower frequencysignal to the data lines of such a network permits increased utilizationof the available transmitting medium without a commensurate increase inthe cost of the network. To ensure that the added lower frequency signaldoes not interfere with normal network communications the added signalmust not contain frequency components that interfere with the networksignals. For example, when the invention is used with an Ethernet10BASE-T network, the specifications for that network method placestringent restrictions on the behavior of the medium for frequenciesfrom 5 MHz to 10 MHz with some parameters specified to frequencies aslow as 1 MHz. In the present embodiment a simple highpass circuit at 150kHz formed by adding capacitors into each wire of the medium is employedto isolate the injected signal from normal network communications,resulting in substantially no disruption of the high frequency networkinformation. Additionally, employing a higher order high pass filterwould permit operation with less disruption than a lower order high passfilter at the same corner frequency. For the purposes of the invention,the term “low frequency signal” means signals in which the energyrepresenting the data can be reliably carried in the band of frequenciesmade available by this filtering. Typically, this means that the lowfrequency signals operate at a bit rate which is less than about 1% ofthe bit rate of the high frequency signals which carry the networkcommunication data. By way of a specific example, the high frequencyinformation in the embodiment of FIGS. 4-8 operates in the range ofabout 10 Mb/s while the encoded signal sent from remote module 16 a tocentral module 15 a operates in the range of about 1200 bits per second.In other words, the altered current flow has changes and each change isat least 833 microseconds in duration (1/1200=0.000833 seconds).Although the present embodiment operates in the range of about 1200 bitsper second, it is within the scope of the invention to operate at bitrates up to 57.6 kb/s by increasing the filter frequencies, operating ina lower noise environment, or increasing the degradation of networkcommunications. Further suppression of harmonics results from thelowpass filtering provided by the resistors used to couple the lowfrequency signal to the data lines acting with the capacitors used forthe highpass function mentioned above.

Additionally, the system provides a means for permanently identifyingthe location of network assets without applying power to the assets.Also, the system can be employed to determine asset inventory, i.e. whenan asset is being removed or added to the network. The system permits acompany to track its assets, locate any given asset, and count the totalnumber of identified assets at any given time. In addition, the systemprovides a means of blocking communications with an unauthorized devicethat is connected to the network. Furthermore, the system allows theautomatic blocking of communications with an unauthorized device.Additionally, the system is particularly suitable to be integrated intoan asset aware patchpanel in order to provide a means for identifyingthe location of network assets.

Referring to FIGS. 21 and 22, a system 200 for communicating withequipment is illustrated. The system provides a means of assigning apermanent electronic identification number to an object. The objectelectronic number is used to monitor the configuration of the object, tocontrol access to network entities such as programs and servers, and toprovide network management information. The initial configuration of anetwork device is stored and referenced in a network database by theobject identification number, permitting subsequent comparisons betweenthe initial configuration and the subsequent configuration of thenetwork device. Another permanent electronic number may be assigned tothe physical location of the object. The location electronic numbercombined with the object electronic number provides simultaneousreferences for location and configuration of an object. The networkdatabase further includes the location associated with the locationidentification number, thereby permitting between the initial locationand configuration, and the subsequent location and configuration of anobject. The system 200 includes an ID sender tag 202 that has a uniqueidentification number and is physically attached to an object 204. Inthe preferred embodiment the identification number is programmed atmanufacture and is not changeable. Once the ID sender tag 202 isattached to an object, the identification number becomes associated withthat object 204. In the presently preferred embodiment of the invention,a first sender tag 202 is attached to a computer 204 a and a secondsender tag 202 is attached to a wall 204 d near the computer 204 a.However, other objects are within the scope of the invention, such asdesks 204 b, monitors 204 c, computer pointing devices, other computers(powered and unpowered), and clothing. The first sender tag 202 providesidentification information and the second sender tag 202 provideslocation information. Each sender tag 202 transmits a serial stream thatincludes a unique identification number corresponding respectively tothe computer 204 a and the wall 204 d. A decoder plug 206 attached to acomputer port is electronically coupled to the sender tag 202. Thedecoder plug 206 receives the serial stream, and then converts theserial stream into a signal format that is compatible with the port towhich the decoder plug 206 is connected. Although, in the presentlypreferred embodiment the decoder plug 206 is connected to a computerparallel port 210, the principles of the invention may be readilyextended to other types of ports, such as USB, Firewire, keyboard, andserial ports. In addition, the scope of the invention includes couplingmultiple ID senders 202 to a single decoder plug 206 so that multipleobjects can be monitored with the decoder plug 206. Also, connectingmultiple decoder plugs 206 in series is within the scope of theinvention. The decoder plug 206 includes an identification number,thereby permitting the interconnected decoder plugs 206 and ID sendertags 202 to be logically linked together. The parallel port 210 isincluded within the computer 204 a, which is connected to a network 212.Referring to FIG. 19 a, a port reader 218 in the computer 204 a readsthe converted serial stream at the parallel port 210 and sends thecommunicated information over the network 212. The scope of theinvention includes employing pre-existing collector software as aninterface to the port reader for communicating with the decoder plug206. A server 214 connected to the network 212, includes a controlmanager 216 that receives and analyzes the communicated information. Thecontrol manager 216 includes a database for storing communicatedinformation such as initial and subsequent locations and configurationsfor identified objects. Although the presently preferred embodiment ofthe invention includes a port reader 218 and a control manager 216, theprinciples of the invention may be practiced with merely an ID sendertag 202 electronically coupled to a decoder plug 206.

Referring to FIG. 19 b in addition to FIG. 19 a, the mountingconfiguration of the sender tag 202 is illustrated. A mountingarrangement similar to that of the electronic tether 150 described in anearlier section of this specification is employed to mount the sendertag 202 to the surface of an object. The sender tag 202 includes pads205 for mounting. A conductive pad 203 having conductive adhesive onboth sides is bonded to the pads 205 for attaching the sender tag 202 toan equipment surface. The adhesive on the side facing the equipment hasgreater strength than the adhesive on the side facing the pads 205. Therelative strength of the adhesive on either side of the conductive pad203 is chosen to ensure that if the sender tag 202 is removed theconductive pad 203 will remain bonded to the equipment, not to the pads205 of the sender tag 202. With the conductive pad 203 attached to thesender tag 202 an electrical connection is established between the pads205.

Referring to FIG. 20 in addition to FIG. 19 a, the ID sender tag 202 ofthe presently preferred embodiment is illustrated. The ID sender tag 202is a physical identifier that has an identification number that isprogrammed at manufacture. The identification number is remotelyreadable through a communication interface that is continuously operableand parasitically powered. The ID sender tag 202 includes a processor220 for Manchester encoding and sending the identification number overthe attached serial bus. Although, Manchester encoding is employed inthe preferred embodiment, other forms of transmitting a serial streamare within the scope of the invention, such as single bit on/off, 4B/5B,Frequency Shift Keying (FSK), and techniques that result in a DC bias onthe line. Regulating and filtering the power for the processor 220 isprovided by circuitry that is configured using design techniques thatare well known in the art. Additionally, a set of resistors is selectedusing design techniques that are well known in the art to buffer theoutput of the processor 220 from the serial bus. The firmware ofprocessor 220 is programmed to provide an ID manager 222 function. TheID manager 222 generates an identification packet using procedures forManchester encoding and RS232 framing of a unique identification number.Table I includes pseudocode of the procedures carried out by the IDmanager 222.

TABLE I Pseudocode for ID Manager Retrieve the data words containing theidentification number. Load the data words containing the identificationnumber into RAM. Begin Encode Loop.   Begin transmitting information.  Set the start bit to begin the first half of the Manchester cycle.  Load a data word.   Pad out time and set the end bit.   Set the startbit to begin the second half of the Manchester cycle.   Load a dataword.   Pad out time and set the end bit.   Set RS-232 framing. Loopuntil the packet is complete.

Referring to FIG. 20 in addition to FIG. 19 a, the decoder plug 206 ofthe presently preferred embodiment is illustrated. The decoder plug 206is a physical reader that has an identification number that isprogrammed at manufacture. The continuously operable and parasiticallypowered communication interface permits the decoder plug 206 to remotelyread the identification number of an attached ID sender 202. The decoderplug 206 includes a signal receiver 230, a processor 232, and a voltageregulator 234. The signal receiver 230 provides a balanced impedance onthe serial bus for receiving the serial stream from the sender tag 202.The buffered serial stream is coupled from the output of the signalreceiver 230 to an input of the processor 232 which converts it into aparallel stream. Firmware in the processor 232 implements an ID readermodule 236 to provide the conversion function. A tri-state buffer 233coupled to the processor 232 permits unobstructed passthroughcommunication from the interface port 210 to a peripheral device coupledto the decoder plug 206 through a connector 235. Power, Vcc, from theparallel port is regulated by the voltage regulator 234 and used topower the processor 232 and signal receiver 230. Table II providespseudocode of the ID reader module 236.

TABLE II Pseudocode for ID Reader Manager Load the Manchester encodeddata. Perform a majority sample decode (converts the Manchester symbolsto a bit stream). Strip the start and end bits. Output a series ofbytes. Assemble the bytes into a message. Perform error and checksumtesting. Store the message.

In operation, the communication system has multiple operating modes,such as asset control mode, network management information mode, andlicense control mode. In asset control mode the system provides externalidentifiers as a guaranteed reference for computer change controlincluding change of location and change of configuration. During networkmanagement information mode the system automates the physical managementand inventory of equipment. In license control mode the system tradesaccess to the computer in exchange for a physical inventory of theconnected identifiers.

With reference to FIGS. 19 a and 20, during asset control mode thecontrol manager 216 located in the server 214 sends an asset identifierrequest to the port reader 218 requesting the identification number ofequipment that is monitored by the computer 204 a. The asset identifierrequest is passed through the decoder plug 206 to each of the ID sendertags 202 that are associated with the computer 204 a. The ID manager 222in each ID sender tag 202 Manchester encodes a predefined identificationnumber and transmits the encoded number to the decoder plug 206 as aserial stream with RS-232 framing. The ID reader module 236 in thedecoder plug 206 performs a majority sample decode to convert theManchester symbols to a bit stream. In addition, the reader module 236provides the equivalent of a UART by stripping the start and end bitsand outputting a series of bytes. The bytes are then assembled into anID sender message and stored after appropriate error and checksumtesting. The decoder plug 206 then formats the stored sender messagesfor transmission to the interface port 210. First, a decoder message isassembled, consisting of identification information related to thedecoder plug 206, status information, and the stored sender messages.Second, a MAC/physical layer which handles the interface and handshakingto the interface port 210 is constructed. The decoder plug 206, thentransmits the assembled decoder information to the interface port 210.The port reader 218 receives the assembled decoder information,reformats the enclosed messages and transmits the reformatted messagesto the control manager 216. The control manager 216 evaluates theresponse from the computer 204 a. The evaluation by the control manager216 includes comparing and updating the configuration and locationinformation of the queried objects with previously stored information inthe associated database. The initial physical identity and initialphysical location of an object is input to the database during setup ofan ID sender tag 202 by an operator such as a user. Information relatedto the object is also inputted to the database. Related objectinformation includes the object serial number, physical attributes,physical configuration, electronic attributes, software configuration,network attributes, and date of entry.

Continuing to refer to FIGS. 19 a and 20, during network managementinformation mode a network manager determines the location orconfiguration of assets that are coupled to the network by interrogatingID senders 202 and decoder plugs 206 attached to assets. The system isespecially useful for token ring and fiber optic networks since thelocation information related to an object is provided by an ID sendertag 202 attached to a relatively immobile surface rather than reading aport address associated with a network device. The method ofinterrogating the ID sender tags 202 is similar to that employed duringasset control mode except asset configuration information is requestedinstead of merely identification of attached objects.

During license control mode a key manager located in server 214 limitsaccess to selected programs to predetermined assets or a quantity ofassets rather than to predetermined users or a quantity of users. Inresponse to a user attempting to open a controlled program, the keymanager ascertains the asset the user is employing and theidentification number assigned to the asset in a similar manner to thatdescribed for asset control mode. The key manager then employs accesscriteria to determine whether to grant access to the controlled program.

Although, in the preferred embodiment the comparison function of thecontrol manager and database is executed on a network serverelectronically coupled through a network to an ID sender tag 202, thescope of the invention includes conducting the comparison locally on acomputer that is being scanned, in a central database over a network,over a corporate intranet, and over the world wide Internet.

In operation, an application which runs “Java” through a standardbrowser is provided. A requestor connected to the Internet selects abutton to request related object information from an Internet connectedobject. In response to the request, an ActiveX (Java) control getspulled down onto a computer connected to the object, runs and reads theobject identification number and the object location identificationnumber from ID sender tags 202. The computer reports the related objectinformation back to the requester over the Internet.

From the foregoing it will be understood that the invention provides asystem and method for remotely detecting and reading an asset identityand location. Additionally, the system and method can be employed toautomate collection and validation of asset identity and location. Thesystem and method provide a means for communicating with an asset basedon identity or location. In addition, the system and method permit theautomated comparison and storage of asset configuration and locationinformation. Also, the system and method can be employed to automateasset change control. Additionally, the system and method provide ameans to perform asset management, remote identification, and remoteaccess security over the Internet in a guaranteed fashion.

The attachment of a remote module 16 or an ID sender tag 202 to anobject provides an identification number corresponding to the object.The location of an object with an attached remote module 16 is providedby the corresponding port address associated with the object. Thelocation of an object with an attached ID sender tag 202 is provided byan associated ID sender tag 202 that is attached to a surface of a wall,floor, or other relatively immobile object.

It should be understood that while this invention has been described inconnection with particular examples thereof, no limitation is intendedthereby since obvious modifications will become apparent to thoseskilled in the art after having the benefit of studying the foregoingspecification, drawings and following claims.

What is claimed is:
 1. A central network device comprising: at least oneDC supply; and an Ethernet connector comprising first and second pairsof contacts to carry BaseT Ethernet communication signals, wherein thecentral network device is configured to employ the at least one DCsupply to interrogate predetermined impedance within at least one pathcoupled between at least one of the contacts of the first pair ofcontacts and at least one of the contacts of the second pair of contactsof the Ethernet connector.